screenshot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill captures arbitrary application and browser windows (see SKILL.md example "Take a look at and tell me what you see" and the scripts/take_screenshot.py support for --app/--active-window/--window-id), so the agent will ingest and inspect untrusted third-party content (e.g., web pages or social media shown on-screen) as part of its workflow, enabling potential indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs running helper scripts and, in error cases, to "rerun the command with escalated permissions" and use mechanisms like PowerShell ExecutionPolicy Bypass, which encourages privilege escalation and bypassing sandbox/security controls even though it doesn't create users or edit system files.